AutoagentAI

Privacy Policy

Last updated: February 3, 2026

1. Information We Collect

AutoagentAI collects information to provide and improve our services. The types of data we collect include:

Account Information

  • Name, email address, phone number
  • Company/dealership name and details
  • Billing and payment information

Lead Data (Customer Data)

  • Lead information you provide or integrate from your systems
  • Contact details (names, emails, phone numbers)
  • Interaction history and communication logs

Usage Information

  • How you use our platform (features accessed, actions taken)
  • Device information (browser type, IP address, operating system)
  • Log data (timestamps, error reports)

2. How We Use Your Data

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process lead automation workflows
  • Send service notifications and updates
  • Provide customer support
  • Analyze usage patterns to improve our platform
  • Detect and prevent fraud or security issues
  • Comply with legal obligations

3. Cookies & Analytics

We use cookies and similar tracking technologies to:

  • Maintain your session and preferences
  • Analyze how our website and services are used
  • Improve user experience

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our services.

4. Data Sharing & Disclosure

We do not sell your personal information. We may share data in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our platform (e.g., cloud hosting, payment processing). These providers are contractually obligated to protect your data.

Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights and safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

5. Data Minimization and Retention Policies

5.1. System and Application Logging

  • Internal Server Logs: To minimize the unnecessary collection of operational data, internal reverse-proxy logs (Nginx) are configured to be automatically purged every 24 hours.
  • Automation Engine Logs: Internal execution logs generated by the background automation engine are subject to an automated retention lifecycle and are permanently purged every 7 days.

5.2. Business Data Retention

Lead and Client Data: As a Data Processor, we operate strictly under the directives of the Data Controller. Lead information and email data are securely stored for the duration of the operational relationship. This data is retained strictly for the Controller's business use and will be permanently destroyed or returned immediately upon the Controller's request. We do not independently access, mine, or repurpose this data.

6. Technical Security Controls

6.1. Cryptographic Measures (Encryption)

  • Data in Transit: All communications between end-users, the Vercel frontend, the internal automation engine, and the database architecture are secured using modern, industry-standard cryptographic protocols (SSL/TLS 1.2 or higher).
  • Data at Rest: All database volumes are encrypted at the storage tier by the cloud infrastructure provider, ensuring that data physically residing on the server hard drives is inaccessible without authorization.
  • Credential Security: User authentication credentials (passwords) are strictly prohibited from being stored in plain text. All passwords are one-way hashed and salted using the bcrypt cryptographic algorithm prior to database insertion.

6.2. Access Control and Authentication

  • Network-Level Isolation: The internal automation engine is restricted from public web traffic. The database operates within a managed, isolated virtual network. Access to the database cluster is enforced via strict IP-whitelisting, exclusively permitting traffic from verified internal application server IP addresses.
  • Application-Level Segregation: Data access within the application logic is governed by strict Role-Based Access Control (RBAC). User sessions and permissions are securely managed and validated using JSON Web Tokens (JWT), ensuring logical separation of data per collection and database.
  • Infrastructure Access: Direct access to production servers and infrastructure is strictly limited on a principle of least privilege. Access is restricted exclusively to assigned developers utilizing individual, securely generated SSH keys. Password-based authentication for server access is disabled.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request corrections to inaccurate data
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Portability: Request your data in a machine-readable format
  • Opt-out: Opt out of marketing communications

To exercise these rights, please contact us at shaun@autoagentsystems.com.

8. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

9. Data Sovereignty and Sub-processors

To maintain strict adherence to EU data residency requirements, all primary data processing and storage infrastructure is geographically localized within the European Economic Area (EEA). The application relies on the following vetted infrastructure sub-processors:

  • Frontend Application Hosting: Deployed via Vercel Inc. (Global Edge Network) for secure delivery of the user dashboard.
  • Internal Automation Engine: Hosted via Hetzner Online GmbH (Data Center Region: Germany). This service operates entirely in the background and is not exposed to public internet traffic.
  • Database Infrastructure: Managed MongoDB Atlas clusters deployed on Amazon Web Services (AWS) infrastructure, specifically within the eu-west-1 region (Ireland).

10. Governance and Compliance

All cross-border data processing required for remote system maintenance and administration is governed by standard Data Processing Agreements (DPAs) incorporating Standard Contractual Clauses (SCCs) to ensure equivalent levels of data protection are maintained at all times.

11. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our platform. Your continued use of our services after such updates constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: shaun@autoagentsystems.com

Phone: +353 86-191-5939